Application Serial No. 10/060,525 
Attorney's Docket No. 0023-0221 

Page 10 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1 . (currently amended) A method for facilitating remote access by a mail client to a mail 
server via an intermediary server, said method comprising: 

(a) receiving a mail access request at the intermediary server, the mail access request 
being sent to the intermediary server from the mail client for a requestor; 

(b) receiving a password associated with the mail access request; 

(c) authenticating the requestor with the mail server based on the received password; 

(d) authenticating the requestor with an authentication server based on the received 
password, the authentication server being associated with coupled to or within a private network 
that includes the mail server; and 

(e) permitting the mail access request when both the mail server and the authentication 
server authenticate the requestor. 

2. (original) A method as recited in claim 1, wherein a mail server password and an 
authentication server password are included in or derived from the received password, 

wherein said authenticating (c) authenticates the requestor with the mail server using the 
mail server password, and 

wherein said authenticating (d) authenticates the requestor with the authentication server 
using the authentication server password. 
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3. (currently amended) A method as recited in claim 1, wherein said authenticating (d) 
comprises: 

(dl) retrieving a previously stored hashed password associated with the requestor or the 
mail client; 

(d2) determining whether a hashed version of the received password matches the 
previously stored hashed password; 

(d3) authenticating the requestor with the authentication server based on the received 
password; and 

(d4) bypassing said authenticating (d3) and treating the received password [[has]] as 
having been authenticated when said determining (d2) determines that the hashed version of the 
received password matches the previously stored hashed password. 

4. (original) A method as recited in claim 3, wherein a mail server password and an 
authentication server password are included in or derived from the received password, 

wherein said authenticating (c) authenticates the requestor with the mail server using the 
mail server password, and 

wherein said authenticating (d) authenticates the requestor with the authentication server 
using the authentication server password. 

5. (currently amended) A method as recited in claim 3, wherein said receiving retrieving 
(dl) further includes at least retrieving a time last authorized by the authentication server, and 

wherein said method further comprises: 

(d5) determining whether the time last authorized by the authentication server 
exceeds a fet-predetermined duration; and 
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(d6) preventing said bypassing (d4) from bypassing said authenticating (d3) when 
said determining (d5) determines that the time last authorized by the authentication server 
exceeds the ^^predetermined duration. 

6. (currently amended) A method as recited in claim 5, wherein the first-predetermined 
duration is a maximum session duration. 

7. (original) A method as recited in claim 5, wherein a mail server password and an 
authentication server password are included in or derived from the received password, 

wherein said authenticating (c) authenticates the requestor with the mail server using the 
mail server password, and 

wherein said authenticating (d) authenticates the requestor with the authentication server 
using the authentication server password. 

8. (currently amended) A method as recited in claim 3, 

wherein said receiving retrieving (dl) further includes at least retrieving a time last used 
password, and 

wherein said method further comprises: 

(d5) determining whether the time last used password exceeds a s e cond 
predetermined duration; and 

(d6) preventing said bypassing (d4) from bypassing said authenticating (d3) when 
said determining (d5) determines that the time last used password exceeds the s e cond 
predetermined duration. 
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9. (currently amended) A method as recited in claim 8, wherein the seeend-predetermined 
duration is a maximum idle duration. 

10. (original) A method as recited in claim 9, wherein a mail server password and an 
authentication server password are included in or derived from the received password, 

wherein said authenticating (c) authenticates the requestor with the mail server using the 
mail server password, and 

wherein said authenticating (d) authenticates the requestor with the authentication server 
using the authentication server password. 

1 1 . (currently amended) A method for authenticating a requestor of a remote mail client 
seeking access to a mail server, said method comprising: 

(a) receiving a password from the remote mail client; 

(b) retrieving a previously stored hashed password; 

(c) determining whether a hashed version of the received password matches the 
previously stored hashed password; 

(d) authenticating the requestor with the mail server based on the received password; and 

(e) further authenticating the requestor with an authentication server based on the 
received password when said determining (c) determines that the hashed version of the received 
password does not match the previously stored hashed password, the authentication server being 
associated with couples to or resides on a private network that includes the mail server. 
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12. (original) A method as recited in claim 11, wherein the received password is an 
authentication password, and wherein the authentication password serves to authenticate the 
requestor or the remote mail client to the authentication server. 

13. (currently amended) A method as recited in claim 11, 

wherein said receiving (a) further receives a time last authorized by the authentication 

server, 

wherein said determining (c) further determines whether [[the]] a time since the time last 
authorized by the authentication server exceeds a fifst-predetermined duration, and 

wherein said authenticating (e) is performed when said determining (c) determines that 
the time since the time last authorized by the authentication server exceeds the first 
predetermined duration, regardless of whether said determining (c) determines that the hashed 
version of the received password matches the previously stored hashed password. 

14. (currently amended) A method as recited in claim 11, 

wherein said receiving (a) further receives a time last used password, 

wherein said determining (c) further determines whether [[the]] a time since the time last 

used password exceeds a s e cond predetermined duration, and 

wherein said authenticating (e) is performed when said determining (c) determines that 

the time since the time last used password exceeds the seeend-predetermined duration, regardless 

of whether said determining (c) determines that the hashed version of the received password 

matches the previously stored hashed password. 
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15. (currently amended) A method as recited in claim 1 1 , 

wherein said receiving (a) further receives a time last authorized by the authentication 
server and a time last used password, 

wherein said determining (c) further determines whether [[the]] a time since the time last 
authorized by the authentication server exceeds a first predetermined duration and whether the 
time since the time last used password exceeds a second predetermined duration, and 

wherein said authenticating (e) is performed when said determining (c) determines that 
the time since the time last authorized by the authentication server exceeds the first 
predetermined duration or that the time since the time last used password exceeds the second 
predetermined duration, regardless of whether said determining (c) determines that the hashed 
version of the received password matches the previously stored hashed password. 

16. (original) A method as recited in claim 15, wherein the received password is an 
authentication password, and wherein the authentication password serves to authenticate the 
requestor or the remote mail client to the authentication server. 

17. (original) A method as recited in claim 15, wherein the first predetermined duration is a 
maximum session duration, and wherein the second predetermined duration is a maximum idle 
duration. 

18. (currently amended) A computer readable storage medium including at least computer 
program code for facilitating remote access by a mail client to a mail server via an intermediary 
server, said computer readable storage medium comprising: 
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computer program code for receiving a mail access request at the intermediary server, the 
mail access request being sent to the intermediary server from the mail client for a requestor; 

computer program code for receiving a password associated with the mail access request; 

computer program code for authenticating the requestor with the mail server based on the 
received password; 

computer program code for authenticating the requestor with an authentication server 
based on the received password, the authentication server being associated with c oupled to or 
included in a private network that includes the mail server; and 

computer program code for permitting the mail access request when both the mail server 
and the authentication server authenticate the requestor. 

19. (currently amended) A computer readable storage medium as recited in claim 1 8, 
wherein a mail server password and an authentication server password are included in or derived 
from the received password, 

wherein said computer program code for authenticating operates to authenticate the 
requestor with the mail server using the mail server password, and 

wherein said computer program code for authenticating operates to authenticate the 
requestor with the authentication server using the authentication server password. 

20. (currently amended) A computer readable storage medium as recited in claim 1 8, 
wherein said computer program code for authenticating comprises: 

computer program code for retrieving a previously stored hashed password associated 
with the requestor or the mail client; 
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computer program code for determining whether a hashed version of the received 
password matches the previously stored hashed password; 

computer program code for authenticating the requestor with the authentication server 
based on the received password: and 

computer program code for bypassing the authenticating and treating the received 
password [[has]] as having been authenticated when said computer program code for 
determining determines that the hashed version of the received password matches the previously 
stored hashed password. 

2 1 . (currently amended) A computer readable storage medium including at least computer 
program code for authenticating a requestor of a remote mail client seeking access to a mail 
server, said computer readable storage medium comprising: 

computer program code for receiving a password from the remote mail client; 

computer program code for retrieving a previously stored hashed password; 

computer program code for determining whether a hashed version of the received 
password matches the previously stored hashed password; 

computer program code for authenticating the requestor with the mail server based on the 
received password; and 

computer program code for authenticating the requestor with an authentication server 
based on the received password when said computer program code for determining determines 
that the hashed version of the received password does not match the previously stored hashed 
password, the authentication server being associat e d with on a private network that includes the 
mail server. 
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22. (currently amended) A computer readable storage medium as recited in claim 21 , 
wherein the received password is an authentication password, and wherein the authentication 
password serves to authenticate the requestor or the remote mail client to the authentication 
server. 

23. (currently amended) A computer readable storage medium as recited in claim 21, 

wherein said computer program code for receiving further receives a time last authorized 
by the authentication server, 

wherein said computer program code for determining further determines whether [[the]] a 
time since the time last authorized by the authentication server exceeds a predetermined duration, 
and 

wherein the authenticating is performed by said computer program code for 
authenticating when said computer program code for determining determines that the time since 
the time last authorized by the authentication server exceeds the predetermined duration, 
regardless of whether said computer program code for determining determines that the hashed 
version of the received password matches the previously stored hashed password. 



